From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from email.msoe.edu ([155.92.194.61]) by speech.braille.uwo.ca with esmtp (Exim 3.36 #1 (Debian)) id 1HViC1-00073P-00 for ; Mon, 26 Mar 2007 01:56:33 -0400
Received: from tunes ([72.131.54.227]) by email.msoe.edu with Microsoft SMTPSVC(6.0.3790.3959); Mon, 26 Mar 2007 00:56:32 -0500
From: "Anthony Creapeau"
To: "'Speakup is a screen review system for Linux.'"
References: <00bc01c76f2e$1156d2f0$6701a8c0@blanchew2fs98i> <20070325233903.GB20873@localhost.localdomain>
Subject: RE: iptables?
Date: Mon, 26 Mar 2007 00:56:31 -0500
Message-ID: <000001c76f6b$8140f450$6401a8c0@tunes>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: AcdvNtz/3GbCpF0kS66WPVNUMr6tWAAMu8Ig
In-Reply-To: <20070325233903.GB20873@localhost.localdomain>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
X-OriginalArrivalTime: 26 Mar 2007 05:56:32.0499 (UTC) FILETIME=[814F4C30:01C76F6B]
X-BeenThere: speakup@braille.uwo.ca
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: "Speakup is a screen review system for Linux."
List-Id: "Speakup is a screen review system for Linux."
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 26 Mar 2007 05:56:34 -0000

TCP ports 20, 21 and 20 are FTP, SFTP and SSH ports respectively. These ports are outgoing communications used by the respective protocol (i.e. FTP, SFTP and SSH), and the responding or incoming communications usually are negotiated to use ports above 1024.

Hope this makes sense.

-----Original Message-----
From: speakup-bounces@braille.uwo.ca [mailto:speakup-bounces@braille.uwo.ca] On Behalf Of Gregory Nowak
Sent: Sunday, March 25, 2007 6:39 PM
To: Speakup is a screen review system for Linux.
Subject: Re: iptables?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think I see the problem. Basically, you want to use --dport, instead of --sport.

For example, the way you have it now:

iptables -A INPUT -p tcp --sport 20:22 -j ACCEPT

means that you'd be accepting connections with source ports 20:22. If I understand tcp/ip correctly, that could never happen with those ports; I think they're used only for responding to already initiated connections. So, if what you want to do is to allow connections on ports 20:22 in this example into your box, use --dport.

Greg

On Sun, Mar 25, 2007 at 03:36:43PM -0700, Littlefield, Tyler wrote:
> Hello list,
> I've got the following iptables set.
>
> iptables -F
> iptables -A INPUT -p tcp --sport 20:22 -j ACCEPT
> iptables -A INPUT -p tcp --sport 80 -j ACCEPT
> iptables -A INPUT -p tcp --sport 110 -j ACCEPT
> iptables -A INPUT -p tcp --sport 3784 -j ACCEPT
> iptables -A INPUT -p tcp --sport 443 -j ACCEPT
> iptables -A INPUT -p tcp --sport 6666:6670 -j ACCEPT
> iptables -A INPUT -p tcp --sport 10000 -j ACCEPT
> iptables -A INPUT -p tcp --sport 20000 -j ACCEPT
> iptables -P INPUT DROP
> iptables -P OUTPUT ACCEPT
>
> I'm dmzed, and when I run this, it puts everything to filter.
> Any idea what I'm doing wrong?
> Thanks,
> ~~TheCreator~~
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

- --
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1 (authorization required, add me to your contacts list first)

- --
Free domains: http://www.eu.org/ or mail dns-manager@EU.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGBwgX7s9z/XlyUyARAsCLAJ97NBM9eFYvQtGXAtO205j37fTk1gCfW+HS
ArSXMxhPWyq79WeX8FnJ8y4=
=Em7O
-----END PGP SIGNATURE-----
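Greg's --dport fix carried through the ruleset Tyler posted, as an added example (not code from anyone in the thread): it rewrites each --sport service rule to --dport and, because the INPUT policy is DROP, also adds a loopback rule and a conntrack ESTABLISHED,RELATED rule so that replies to the box's own outgoing connections are still accepted. The conntrack rule and the assumption that the conntrack match is available are additions of this example, and it prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example: rewrite the posted ruleset so service rules match on the
# destination port, and print the corrected commands (pipe into sh as root to apply).

# Tyler's service rules from the thread, embedded as constructed sample input.
ORIGINAL_RULES='iptables -A INPUT -p tcp --sport 20:22 -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -p tcp --sport 110 -j ACCEPT
iptables -A INPUT -p tcp --sport 3784 -j ACCEPT
iptables -A INPUT -p tcp --sport 443 -j ACCEPT
iptables -A INPUT -p tcp --sport 6666:6670 -j ACCEPT
iptables -A INPUT -p tcp --sport 10000 -j ACCEPT
iptables -A INPUT -p tcp --sport 20000 -j ACCEPT'

# Rewrite --sport to --dport on INPUT rules; other lines pass through unchanged.
fix_sport_rules() {
    printf '%s\n' "$1" | sed 's/\(-A INPUT .*\)--sport /\1--dport /'
}

# Does a ruleset still match on source ports? (grep -q: exit 0 if any line does)
has_sport_rules() {
    printf '%s\n' "$1" | grep -q -- '--sport'
}

# Full corrected ruleset: flush, loopback, established/related (assumes the
# conntrack match), the rewritten service rules, then the default policies.
gen_ruleset() {
    echo 'iptables -F INPUT'
    echo 'iptables -A INPUT -i lo -j ACCEPT'
    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    fix_sport_rules "$ORIGINAL_RULES"
    echo 'iptables -P INPUT DROP'
    echo 'iptables -P OUTPUT ACCEPT'
}

gen_ruleset
```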